Cosmin Cojocar
2d6b0a5b0f
Update release build script ( #924 )
...
* Remove deprecated goreleaser flag from release build script
* Update cosign version to v1.13.1
2023-02-06 14:39:25 +01:00
renovate[bot]
54f56c7d6a
chore(deps): update all dependencies ( #922 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-06 14:16:49 +01:00
Cosmin Cojocar
df14837174
Update to Go 1.20 and fix unit tests ( #923 )
...
* Fix unit tests for Go 1.20
* Update to Go 1.20 in the build scripts
* Remove support for 1.18 in the build
* Fix the golangci lint version according to Go version used
* Fix golangci version string
* Fix gci linter warning
* Remove golint in favour of golangci
2023-02-06 14:15:05 +01:00
Cosmin Cojocar
b4270dd020
Update Go to latest version ( #920 )
2023-01-31 10:00:24 +01:00
Cosmin Cojocar
c5d217da7a
Update Go version in CI script ( #913 )
...
* Update Go version in CI script
* Introduce back an additional check for filepath clean to fix the unit tests
2023-01-09 16:49:02 +01:00
renovate[bot]
11898d512a
chore(deps): update all dependencies ( #906 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-02 17:35:12 +01:00
Cosmin Cojocar
0acfbb436c
Update Go version in CI scripts ( #889 )
2022-11-08 09:54:40 +01:00
Cosmin Cojocar
1af1d5bb49
Pin release build to Go version 1.19.2 ( #882 )
2022-10-17 11:06:43 +02:00
Sebastiaan van Stijn
ed386818fd
go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions ( #880 )
...
* gha: remove go1.17, temporarily force 1.18.7, 1.19.2
The security scanner is flagging the code to have a vulnerability, but it's
detecting that we're running go1.18.6, not "latest" (go1.18.7 at time of writing).
Temporarily pinning to go1.18.7 to force installing the latest version:
Vulnerability #1 : GO-2022-1039
Programs which compile regular expressions from untrusted
sources may be vulnerable to memory exhaustion or denial of
service. The parsed regexp representation is linear in the size
of the input, but in some cases the constant factor can be as
high as 40,000, making relatively small regexps consume much
larger amounts of memory. After fix, each regexp being parsed is
limited to a 256 MB memory footprint. Regular expressions whose
representation would use more space than that are rejected.
Normal use of regular expressions is unaffected.
Call stacks in your code:
Error: helpers.go:463:26: github.com/securego/gosec/v2.ExcludedDirsRegExp calls regexp.MustCompile, which eventually calls regexp/syntax.Parse
Found in: regexp/syntax@go1.18.6
Fixed in: regexp/syntax@go1.19.2
More info: https://pkg.go.dev/vuln/GO-2022-1039
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* go.mod: github.com/onsi/ginkgo/v2 v2.3.1
CI was failing because of a mismatch:
/home/runner/go/bin/ginkgo -v --fail-fast
Ginkgo detected a version mismatch between the Ginkgo CLI and the version of Ginkgo imported by your packages:
Ginkgo CLI Version:
2.3.1
Mismatched package versions found:
2.2.0 used by gosec
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* go.mod: golang.org/x/text v0.3.8
to address GO-2022-1059
The vulnerabilities below are in packages that you import, but your code
doesn't appear to call any vulnerable functions. You may not need to take any
action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
for details.
Vulnerability #1 : GO-2022-1059
An attacker may cause a denial of service by crafting an Accept-Language
header which ParseAcceptLanguage will take significant time to parse.
Found in: golang.org/x/text/language@v0.3.7
Fixed in: golang.org/x/text/language@v0.3.8
More info: https://pkg.go.dev/vuln/GO-2022-1059
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-17 10:05:13 +02:00
Cosmin Cojocar
d3933f9e14
chore: add support for Go 1.19
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-08-08 10:56:19 +02:00
Cosmin Cojocar
21fcd2f904
Phase out support for Go 1.16 since is not supported anymore by Go team ( #837 )
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-07-26 11:08:30 +02:00
Sascha Grunert
05f3ca80f9
Pin cosign-installer to v2
( #824 )
...
We now have tags available in the cosign-installer, which allows us to
pin the latest release via `v2`.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-06-23 14:50:50 +02:00
renovate[bot]
0a929c7b6c
chore(deps): update all dependencies ( #816 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-29 17:36:29 +02:00
renovate[bot]
12be14859b
chore(deps): update all dependencies ( #812 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-09 12:02:57 +02:00
renovate[bot]
0dcc3362ae
chore(deps): update all dependencies ( #811 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-02 21:00:33 +02:00
renovate[bot]
b69c3d48c8
chore(deps): update all dependencies ( #805 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-11 20:12:37 +02:00
renovate[bot]
82eaa12696
chore(deps): update all dependencies ( #796 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-28 20:23:59 +02:00
Cosmin Cojocar
607d607b51
Enable Go 1.18 in the ci and release workflows
...
* Enable Go 1.18 in the ci and release workflows
* Fix lint warning
* Add golangci as a make target
2022-03-21 16:53:22 +01:00
Cosmin Cojocar
b99b5f7838
Fix the lint action after upgrade ( #790 )
2022-03-14 14:19:29 +01:00
renovate[bot]
8af0af7611
chore(deps): update all dependencies ( #789 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-14 14:10:28 +01:00
Cosmin Cojocar
26f10e0a7a
Extend the release action to sign the docker image and binary files with cosign ( #781 )
...
* Extend the release action to sign the docker image and binary files with cosign
* Fix lint warnings
* Fix the ling warnings
* Fix the lint warnings
2022-02-22 21:33:42 +01:00
Cosmin Cojocar
69213955da
Fix the SBOM generation step in the release action ( #712 )
2021-10-15 10:57:09 +02:00
Cosmin Cojocar
5a3a27afae
Phase out support for go version 1.15 because current ginko is not backward compatible ( #710 )
...
We are going to support only the stable versions provided by the Go team.
2021-10-15 10:46:13 +02:00
renovate[bot]
e73248cc12
chore(deps): update all dependencies ( #701 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-10-05 19:29:19 +02:00
Cosmin Cojocar
1b2eecc8c4
Enable go 1.17 in the build and release workflows ( #694 )
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2021-09-02 14:59:49 +02:00
renovate[bot]
5b3d23117c
Update codecov/codecov-action action to v2 ( #670 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-27 22:04:29 +02:00
Niklas
0ee8ad3d5b
Use version ^v0
instead of latest
for cyclonedx-gomod ( #667 )
...
To avoid breaking the build when cyclonedx-gomod introduces breaking changes in a new major version. See https://github.com/CycloneDX/gh-gomod-generate-sbom/releases/tag/v0.3.0
Signed-off-by: nscuro <nscuro@protonmail.com>
2021-07-19 11:25:04 +02:00
renovate[bot]
e936c84a90
Update all dependencies ( #658 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-28 16:09:51 +02:00
Vinod Anandan
5032f998a0
Generate SBOM ( #655 )
...
* Generate SBOM
* Update release.yml
* Update .github/workflows/release.yml
Co-authored-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>
* Publish bom.json
* Ignore SBOMs generated during CI
Co-authored-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>
2021-06-21 10:50:44 +02:00
Matthieu MOREL
03e876754d
Add security scan ( #654 )
...
* Add security scan
* Update scan.yml
2021-06-21 10:49:57 +02:00
Matthieu MOREL
6cde6b3242
Disable cache in golangci job ( #636 )
...
* Update ci.yml
* Update ci.yml
2021-06-01 09:41:43 +02:00
Matthieu MOREL
1256f16f33
Fix lint and fail on error in the ci build
2021-05-31 10:44:12 +02:00
Matthieu MOREL
244adc6bdc
Update the github ci action to use cache and matrix strategy
2021-05-31 10:40:47 +02:00
Matthieu MOREL
103c429df5
Enable golangcli and improve testing for formatters
2021-05-10 10:08:04 +02:00
Matthieu MOREL
f4ea33d5f8
Update how the test coverage is generated
2021-05-07 17:01:09 +02:00
Cosmin Cojocar
9c047e32a3
Add support for Go 1.16 in the CI and release workflows ( #581 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-02-26 11:12:38 +01:00
Cosmin Cojocar
00bbbd8413
Fix the release workflow to allow unsecure commands
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-01-22 11:36:52 +01:00
renovate[bot]
208b73eec4
Update all dependencies ( #538 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-11-02 09:15:56 +01:00
Cosmin Cojocar
ea0fa28b7f
Update the Github go action version to 1.6.0
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
feea8bb243
Fix the action tag
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
6688a97661
Fix the github action for Go 1.15
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
7234349e33
Add Go 1.15 to the supported version and phase out the Go 1.12
...
Also updated the release automation to release gosec with use Go 1.15
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
51e4317f09
Automate the release process using a GitHub workflow
...
The release will trigger when a new tag is pushed.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 00:41:56 -07:00
Cosmin Cojocar
e030aa4f76
Remove the go 1.14 version from github action
...
It seems to fail when starting the action.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 13:20:59 +02:00
Cosmin Cojocar
ee176ff8fc
Fix the job names in the Github workflow
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 13:16:53 +02:00
Cosmin Cojocar
cabccc75ef
Add to GitHub workflow some jobs for go1.13 and go1.12
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 13:15:21 +02:00
Cosmin Cojocar
a111777041
Change the GitHub workflow to use only the latest Go version
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 13:06:29 +02:00
Cosmin Cojocar
722acb64cb
Change the GitHub workflow to run the builds only on ubuntu-latest platform
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 12:59:02 +02:00
Cosmin Cojocar
5284f34b6f
Change the GitHub workflow to use an action which install Go using a Go version from the matrix
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 12:52:42 +02:00
Cosmin Cojocar
8de5fb6eb2
Migrate the build to GitHub Actions
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 03:32:24 -07:00